On Wed, May 29, 2019 at 1:38 AM Miguel Ojeda <miguel.ojeda.sandonis@xxxxxxxxx> wrote: > > If the user asks us for offset == num, we should already fail in the > first check, i.e. the one testing for offsets beyond the object. > > At the moment, we are failing on the second test anyway, > since count cannot be 0. Still, to agree with the comment of the first > test, we should first there. I think, we need to cc linux-mm. > > Signed-off-by: Miguel Ojeda <miguel.ojeda.sandonis@xxxxxxxxx> > --- > mm/memory.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/mm/memory.c b/mm/memory.c > index ddf20bd0c317..74cf8b0ce353 100644 > --- a/mm/memory.c > +++ b/mm/memory.c > @@ -1547,7 +1547,7 @@ static int __vm_map_pages(struct vm_area_struct *vma, struct page **pages, > int ret, i; > > /* Fail if the user requested offset is beyond the end of the object */ > - if (offset > num) > + if (offset >= num) > return -ENXIO; > > /* Fail if the user requested size exceeds available object size */ > -- > 2.17.1 >
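Review bot: On the changed line `if (offset >= num)`, the comment directly above it still reads "beyond the end of the object", but offset == num is at the end of the object rather than beyond it. Consider rewording the comment to "at or beyond the end of the object" so that comment and condition agree. The commit message says this case already fails in the second test because count cannot be 0, but that test's return value is not visible in this hunk. If it returns something other than -ENXIO, callers will see a different errno for offset == num after this change, and the commit message should say so. The sentence "we should first there" in the commit message also appears to be missing the word "fail".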